Amendment to the Claims

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims 

Claim 1 (currently amended): A method for authenticating a user certificate received from a user 
requesting access to a secure web service, said user certificate including user certificate data, said 
method comprising: 

receiving a request from a user for access to the web service, said request including the 
user certificate; 

retrieving revoked certificate data from a plurality of certificate issuers, wherein the
revoked certificate data identifies one or more revoked certificates;

storing the revoked certificate data in a central location;

receiving a request from a user for access to the web service, said request including the
user certificate;

comparing the user certificate data included in the user certificate to the revoked 
certificate data stored in the central location; 

selectively authenticating the user as a function of the comparing if the comparing
indicates that the user certificate data matches the revoked certificate data in the central location;

providing the user access to the requested web service when the user is authenticated;

if the comparing indicates that the user certificate data from the requested user certificate
does not match the revoked certificate data stored in the central location:
authenticating the user; 

providing the user access to the requested web service; 

identifying an address from the user certificate data included with the request, said 
address identifying the location of revoked certificate data for a plurality of revoked certificates 
being maintained by at least one of the plurality of certificate issuers; and 

storing the address in the central location for subsequent retrieval. 

Claim 2 (original): The method of claim 1, wherein the user certificate data includes a unique
identifier identifying a particular certificate issued to the user, and wherein authenticating the 
user includes determining whether the unique identifier included with the request corresponds to 
a unique identifier included in the revoked certificate data. 

Claim 3 (original): The method of claim 1, wherein the user certificate data includes an 
expiration date identifying a date after which the certificate issued to the user is invalid, and 
wherein authenticating the user includes determining whether the expiration date is prior to a 
current date or after the current date, and providing the authenticated user access to the requested 
web service when the expiration date is determined to be after the current date.

Claim 4 (original): The method of claim 1, wherein retrieving the revoked certificate data from a
plurality of certificate issuers includes: 

identifying an address from the user certificate data included with the request, said 
address identifying the location of revoked certificate data for a plurality of revoked certificates 
being maintained by at least one of the plurality of certificate issuers; and 
retrieving the revoked certificate data from the location identified by the identified address. 

Claim 5 (original): The method of claim 4, wherein the identified address is a uniform resource 
locator corresponding to a web service storing revoked certificate data. 

Claim 6 (currently amended): The method of claim 4 further including comparing user certificate
data to the retrieved revoked certificate data stored in the central location to identify a new list
of addresses corresponding to a plurality of different revoked certificates.

Claim 7 (currently amended): The method of claim 4, wherein identifying the address from the 
user certificate data included with the request includes identifying the location of a certificate 
revocation list, said certificate revocation list listing revoked certificate data for a plurality of 
revoked certificate data being maintained by at least one of the plurality of certificate issuers.

Serial No. 10/817,246
MS#307521.01 (5107)

Claim 8 (original): The method of claim 1, wherein the retrieving includes retrieving revoked 
certificates previously stored in the central location. 

Claim 9 (currently amended): A method for adding additional revoked certificate data from a 
plurality of certificate issuers to revoked certificate data stored in a central location, said stored 
revoked certificate data identifying one or more certificate issuers publishing revoked certificate 
data for a plurality of revoked certificates, comprising:

retrieving the stored revoked certificate data from the central location; 

comparing a user certificate data included in a user certificate included in a user request 
to the stored revoked certificate data, said user request being received from a user; 

authenticating the user if the comparing indicates that the user certificate data matches
the revoked certificate data in the central location; and

providing the user access to the requested web service when the user is authenticated; 

identifying an address of each of the one or more certificate issuers from the retrieved
revoked certificate data;

if the comparing indicates that the user certificate data from the requested user certificate
does not match the revoked certificate data stored in the central location:

authenticating the user; 

providing the user access to the requested web service; 

identifying another address from the user certificate data included with the request, said 
address identifying the location of revoked certificate data for a plurality of revoked certificates 
being maintained by at least one of the plurality of certificate issuers; 

storing the another address in the central location for subsequent retrieval;

determining an update time for each of the one or more certificate issuers from the retrieved
revoked certificate data, said update times each specifying a time updated revoked certificate
data is published by each of the one or more certificate issuers;

organizing the retrieved revoked certificate data in a sequence according to the determined 
update time for each of the one or more certificate issuers; and 

identifying an address of each of the one or more certificate issuers from the retrieved
revoked certificate data; and

retrieving additional revoked certificate data from the identified addresses according to 
update times in the organized sequence. 

Claim 10 (original): The method of claim 9, wherein determining the update time includes 
parsing the retrieved revoked certificate data to determine update times, and wherein the 
identifying an address of a certificate issuer includes parsing the revoked certificate data to 
identify a uniform resource locator (URL) identifying an Internet address of the certificate issuer. 

Claim 11 (currently amended): A system for retrieving revoked certificate data in response to a
client request, said client request requesting access to a secure web service and including user 
certificate data, comprising: 
a central database; 

a fetching server for retrieving revoked certificate data from a plurality of certificate authority 
servers for storage in said central database, wherein the revoked certificate data identifies one or 
more revoked certificates; and 

an authentication server responsive to the client request for executing a certificate revocation 
provider component, said certificate revocation provider component loading the revoked 
certificate data in the central database into a memory associated with the authentication server, 
and wherein the certificate revocation provider component is responsive to the client request and 
loaded revoked certificate data to determine if the client request is authentic based on a match of 
the client request and the stored revoked certificate data,

wherein, if a match of the client request and the stored revoked certificate data is not found, the 
authentication server authenticates the user, and the certificate revocation provider component 
identifies an address from the user certificate data included with the client request, said address 
identifying the location of revoked certificate data for a plurality of revoked certificates being 
maintained by at least one of the plurality of certificate issuers; and wherein the certificate 
revocation provider component stores the address in the central database for subsequent retrieval 
by the fetching server. 

Claim 12 (original): The system of claim 11, wherein the certificate revocation provider service
examines an expiration date included in the revoked certificate data to determine if the client is 
authorized to access the requested web service. 

Claim 13 (original): The system of claim 11, wherein the certificate revocation provider service 
further examines a next update time included in loaded revoked certificate data to determine if 
the loaded revoked certificate data is the latest revoked certificate data. 

Claim 14 (original): The system of claim 11, wherein the fetching server includes a default 
address identifying the location of a certificate authority server publishing revoked certificate 
data for a list of revoked certificates, and wherein the fetching server retrieves the revoked 
certificate data from the certificate authority having the default address. 

Claim 15 (original): The system of claim 11, wherein the fetching server includes a fetching 
table maintaining revoked certificate data for a plurality of revoked certificates previously 
retrieved from a certificate authority server, and wherein revoked certificate data maintained in 
the fetching table identifies an address of a certificate authority server maintaining a list of 
revoked certificates, and wherein the fetching server retrieves additional revoked certificate data 
from the certificate authority having the identified address. 

Claim 16 (original): The system of claim 15, wherein the certificate revocation provider service 
further compares retrieved revoked certificate data to user certificate data to identify a new list
of addresses corresponding to a plurality of revoked certificates. 

Claim 17 (currently amended): A system for managing certificate revocation status data, 
comprising: 

a fetching server for identifying a list of addresses corresponding to a plurality of 
certificate issuers, said fetching server retrieving revoked certificate status data from a content 
server corresponding to the list of addresses; and 

a central database responsive to the retrieved revoked certificate status data for storing a 
list of revoked certificates,

wherein the fetching server identifying an address from a user certificate data included in
a client request for the stored list of revoked certificates if it is determined that there is no
match between the user certificate data and retrieved certificate status data, said address
identifying the location of revoked certificate data for a plurality of revoked certificates being 
maintained by at least one of the plurality of certificate issuers, and wherein the central database 
stores the address in the central location for subsequent retrieval. 

Claim 18 (currently amended): A computer readable storage medium comprising computer- 
executable instructions for authenticating a user requesting access to a web service, comprising 

retrieving instructions for retrieving revoked certificate data from a plurality of certificate 
issuers, wherein the revoked certificate data identifies one or more revoked certificates; 

storing instructions for storing the revoked certificate data for each of the identified one 
or more revoked certificates in a central location; 

receiving instructions for receiving a request from a user for access to the web service, 
said request including a user certificate including user certificate data; 

comparing instructions for comparing the user certificate data to the revoked certificate 
data stored in the central location; 

authenticating instructions for selectively authenticating the user as a function of the
comparison if the comparing indicates that the user certificate data matches the revoked
certificate data in the central location; and

providing instructions for providing the user access to the requested web service when 
the user is authenticated; 

if the comparing indicates that the user certificate data from the requested user certificate 
does not match the revoked certificate data stored in the central location: 

wherein the authentication instructions authenticate the user; 

wherein the providing instructions provide the user access to the requested web service; 

identifying instructions for identifying an address from the user certificate data included 
with the request, said address identifying the location of revoked certificate data for a plurality of 
revoked certificates being maintained by at least one of the plurality of certificate issuers; and 

wherein the storing instructions store the address in the central location for subsequent 
retrieval. 

Claim 19 (currently amended): The computer readable storage medium of claim 18 wherein user
certificate data includes a unique identifier identifying a particular certificate issued to the user, 
and wherein authenticating the user includes instructions for determining whether the unique 
identifier included with the request corresponds to a unique identifier included in the revoked 
certificate data. 

Claim 20 (currently amended): The computer readable storage medium of claim 18 wherein user
certificate data includes an expiration date identifying a date after which the certificate issued to 
the user is invalid, and wherein authenticating the user includes instructions for determining 
whether the expiration date is prior to a current date or after the current date, and wherein 
providing instructions provide the identified authentic user access to the requested web service 
when the expiration date is determined to be after the current date.

Claim 21 (currently amended): The computer readable storage medium of claim 18, wherein the 
instructions for retrieving the revoked certificate data from a plurality of certificate issuers 
include instructions for identifying an address from the user certificate data included with the 
request, said address identifying a location for revoked certificate data being published by at 
least one of the plurality of certificate issuers, and wherein the retrieving instructions include 
instructions for retrieving the revoked certificate data from the identified location. 

Claim 22 (currently amended): The computer readable storage medium for adding additional 
revoked certificate data to revoked certificate data stored in a central location, said stored 
revoked certificate data identifying one or more certificate issuers publishing revoked certificate 
data for a plurality of revoked certificates, comprising: 

retrieving instructions for retrieving the stored revoked certificate data from the central 
location; 

comparing instructions for comparing a user certificate data included in a user certificate 
included in a user request to the stored revoked certificate data, said user request being received 
from a user; 

authenticating instructions for authenticating the user if the comparing indicates that the 
user certificate data matches the revoked certificate data in the central location;

providing instructions for providing the user access to the requested web service when
the user is authenticated; 

identifying instructions for identifying an address of each of the one or more certificate 
issuers from the retrieved revoked certificate data; 

if the comparing indicates that the user certificate data from the requested user certificate 
does not match the revoked certificate data stored in the central location: 

wherein the authenticating instructions authenticate the user; 

wherein the providing instructions provide the user access to the requested web service; 

wherein the identifying instructions identify another address from the user certificate data 
included with the request, said address identifying the location of revoked certificate data for a 
plurality of revoked certificates being maintained by at least one of the plurality of certificate 
issuers; 

wherein the storing instructions store the another address in the central location for 
subsequent retrieval; 

determining instructions for determining an update time for each of the one or more 
certificate issuers from the retrieved revoked certificate data, said update times each specifying a 
time updated revoked certificate data is published by each of the one or more certificate issuers;

organizing instructions for organizing the retrieved revoked certificate data in a sequence 
according to the determined update time for each of the plurality of certificate issuers;

identifying instructions for identifying an address of each of the one or more certificate issuers

retrieving instructions for retrieving additional revoked certificate data from the identified 
addresses according to update times in the organized sequence. 



